In site B (WWW.BBB.COM/mypage.html) I have embed into html page an swf from another site url (http://WWW.AAA.COM/test.swf).
From site B I'm able to request all function in swf on www.aaa.com site.
cross domain policy don't works with html emebed tag .
this is an online example :
how can protect swf on www.aaa.com ?
crossdomain policy is based on where the SWF file is hosted. You can probably try restricting based sub domains, please find more details below.
Hope this helps.
Yes, the solution is to use a crossdomain.xml file where you have your .swf file hosted but be careful, you can limit the access to the .swf. Here's an example: http://api.flickr.com/crossdomain.xml but instead of <allow-access-from domain="*"/> you should have <allow-access-from domain="http://www.bbb.com"/> so that you'll limit swf access to only http://www.bbb.com
With best regards,